Transcription of ISO 19600 - International standard for compliance …
1 ISO 19600 International standard for compliance management1 ISO 19600 International standard for compliance management |The International standard ISO 19600 , compliance management systems guidelinesThe International Organization for Standardization is one of the most trusted bodies when it comes to setting standards on a global scale. Based on the principles of good governance, proportionality, transparency and sustainability, the new ISO 19600 standard is designed to provide guidance for establishing, developing, implementing , evaluating, maintaining and improving a compliance management program. The guidelines are applicable to all types of organizations, irrespective of size, industry, risk exposure or global reach. ISO 19600 is adaptable to the size, nature and complexity of each organization s business activities. Broadly speaking, organizations can adopt the International standard as stand-alone guidance or combine it with already existing management program standards ( , ISO 9001, Quality management).
2 The new ISO 19600 , rolled out December 2014, is expected to serve as an International standard and a global benchmark for compliance management programs. Corporate compliance is one of management s highest risk concerns. Implementation of a robust compliance and ethics program based on company values and appropriate risk based compliance has helped companies maintain integrity and avoid or minimize noncompliance issues. It is not surprising that organizations are increasingly seeking to validate their compliance programs against a recognized should compliance officers approach ISO 19600 ?The introduction of ISO 19600 outlines the minimum guidelines and standards that are expected to be in place for a compliance program to be effective . ISO 19600 provides guidance for establishing, developing, implementing , evaluating, maintaining and improving an effective and responsive compliance management system within an organization.
3 ISO 19600 does not target a specific risk area; rather it provides guidance on how organizations can improve the comprehensiveness of their compliance programs. While ISO 19600 does not bring new core elements to the table, it aids in building a framework around existing key elements and provides basic guidance for the day-to-day business. Consistent with other management systems, ISO 19600 is based on a four-step method used for the control and continuous improvement of processes (plan-do-check-act1): Plan: compliance obligations are identified and compliance risks evaluated in order to derive a strategy and define measures to address them. Do: Defined measures are implemented and monitoring mechanisms established. Check: The compliance management program is reviewed based on the implemented controls. Act: Building on the results, the program is continuously improved, and cases of noncompliance are method used: plan-do-check-act1.
4 International standard , ISO 19600 . compliance Management Systems Guidelines, page VIIdentification of external and internal issuesIdentification of interested parties requirementsPlanning to address compliance risks and to achieve objectivesLeadership, commitment, independent compliance functions, responsibilities at all levels. Support functionsManaging non- compliance and continual improvementDetermining the scope and establishing the compliance management systemEstablishing compliance policyIdentification of compliance obligations and evaluating compliance risksOperational planning and control of compliance risksPerformance evaluation and compliance reportingPlanDoActCheckGood governance principlesPlan/ActDo/Check3 ISO 19600 International standard for compliance management |The challenge of complying with International standardsBy now, various countries have enacted laws and guidelines outlining compliance program elements, and some have developed general or risk-specific compliance standards .
5 In addition, International compliance initiatives, driven by different organizations, have been recognized or adopted by several countries. Keeping an eye on the range of relevant provisions has become a major challenge for organizations given the impact of not only regional and International standards , but also industry-specific regulations. However, we have seen an increasing harmonization of compliance standards over the past few years. ISO 19600 builds on the recognized compliance initiatives of several International organizations and combines them with the well-known ISO standards for management systems. ISO 19600 provides detailed guidance for businesses wanting to implement a compliance management system or benchmark their existing program against a standard . For that purpose, the ISO 19600 framework applies to general compliance and risk specific management objectives focusing on areas that include anti-bribery, anti-corruption, antitrust, fraud, misconduct, and Benefits of implementing ISO 19600 Simplifies approach Incorporates critical elements of other accepted standards in a flexible way Provides a reason to take a fresh look at your program Demonstrates to regulators your organization seeking to be in line with the latest standards The standard has customizable guidance so all organizations can benefit.
6 It follows a risk-based approach; the identified risks ( compliance obligations) are the basis for establishing and implementing controls It aims to create an organizational culture in which compliance becomes the general rule Major compliance standards : Securities and Exchange Commission/Department of Justice, A Resource Guide to the US Foreign Corrupt Practices Act US Federal Sentencing Guideline Manual Section 8B2, effective compliance and ethics programs UK Bribery Act Section 9, Guidance about procedures to prevent bribing and framework BS 10500 Anti-bribery Management System Italian Decree No. 231/2001 Sections 6 and 7 Australian standard AS 3806-2006, compliance Programs German Attestation standard AssS 980, Audit of compliance ProgramsMajor International compliance initiatives: ICC Rules on Combating Corruption OECD Good Practice Guidance on Internal Controls, Ethics, and compliance United Nations Convention against Corruption Open compliance & Ethics Group (OCEG) RedBook COSO Committee of the Sponsoring 3 ISO 19600 International standard for compliance management |4 How EY can helpOur Business Integrity and Corporate compliance practice has the global reach to assist companies in developing a solid platform on which to frame a strategic compliance program.
7 We help companies build better processes for integrity in organizational decisions on issues of critical corporate and personal importance. EY is well positioned as an independent, objective advisor with deep risk management experience and global resources to help a company effectively manage its compliance obligations. Managing current integrity and compliance issues is one of the highest priorities of leading organizations. Developing and embedding a prevention program and a culture of ethics and integrity in line with ISO 19600 will help you to sustain global compliance . Specifically, we provide: compliance risk assessments to help management identify and prioritize the company s significant integrity and compliance risks, including emerging frontier issues. Integrity and compliance performance assessments to independently assess the design of the company s compliance infrastructure, including the compliance function, structures, people, processes and entity-level controls, and to compare compliance infrastructure to the guidance of ISO 19600 in order to identify improvement opportunities.
8 Integrity and compliance program implementation and improvement to assist you in developing and implementing a plan as well as core elements and initiatives that mitigate specific compliance risks or strengthen a company s integrity compliance infrastructure on the basis of ISO 19600 . These services also include integrity diligence services ( compliance due diligence and transaction support), proactive data analytics services and fraud response management. compliance sustainability and monitoring to help management develop and execute a plan to evaluate and monitor the operation of the company s controls over compliance risks, and to integrate integrity and compliance in the day-to-day business detailsFor more information concerning our services, please contact the following EY leads:David Stulb+44 20 7951 2456 Brian LoughmanAmericas +1 212 773 5343 Chris Fordham Asia-Pacific +852 2846 9008 Ken ArahariJapan+81 3 3503 1100 John Smart Northern Europe+44 20 7951 3401 Ricardo NorenaWestern Europe+34 915 725 097 Stefan Heissner Central and Eastern Europe+49 211 9352 11397 Michael Adlem Middle East +971 4 701 0524 Arpinder Singh India+91 22 6192 0160 Charles De ChermontAfrica+27 11 502 0426 Global Leader Regional Leaders5 ISO 19600 International standard for compliance management |EY | Assurance | Tax | Transactions | AdvisoryAbout EY EY is a global leader in assurance, tax, transaction and advisory services.
9 The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US. 2015 Ernst & Young LLP. All Rights No. WW0402 1508-1596754_NYED
